UniFi and the Captive Network Assistant

Your network is up and running and your hosted UniFi controller is humming along. You have full visibility across the network, and guests are getting their internet fix. Wait, marketing says, why are we not capturing our customer data? And so begins the foray into WiFi data capture and the unique experience that is captive portals and the captive network assistant.

What is the Captive Network Assistant

The Captive network assistant, also known as the captive portal assistant or simply WiFi popup or overlay is a limited browser function that opens on most mobile devices when they detect that they are in a captive portal environment. The reasoning behind this is that it helps users navigate any potential captive portal process. If the captive network assistant or CNA is not present then the user would have to open a browser and trigger the captive portal manually. The automated CNA just makes the entire process of getting online easier for the user when a captive portal is present.

Captive Network Assistant on UniFi

Ubiquiti UniFi handles the captive portal assistant in much the same way as other providers, which means that there isn’t much that hey can do about it. It is very much determined on the client side and the OS that the client is running. There is really only one action that can be taken on the UniFi controller to somewhat interject on this process. This involves white-listing certain IP addresses that will trick the client into thinking that it is already online, and therefore not launching the WiFi popup. You can white-list IP addresses under the guest control>Access Control area of the controller. The CNA is in place for a reason and that is to make it easier for the user. Any tinkering with this will inevitably result in a less than perfect user experience and is best avoided

Captive Portal Development Considerations

When you are in the business of developing solutions based on the captive portal then the captive network assistant can be a source of much frustration. Despite its usefulness on the client side, there are many considerations that would not be typically seen in standard development environments. Added to that the small pool of people actively involved, makes it difficult to find resources and documentation required to build solutions. Essentially, if your captive portal application needs to make any internet calls then the location of those requests needs to be white-listed or pre-authorized. This can be an painstaking process, made more complicated by the fact that the location of the requests will sometimes change unbeknownst to your development team.

Social Login on the UniFi Captive Portal

One particular use case that requires a lot of customization on the UniFi controller side is the implementation of social logon or registration. Taking Facebook or Google into account, they will have to make multiple calls to their respective servers to make sure that the logon is complete. All of these calls need to be identified and pre-authorized on your controller, otherwise the user will not be able to register. You can always use the social logon options provided by the UniFi guest portal where I assume they pre-authorize the required ip/domains in the background. If the free template isn’t sufficient or if you need something a little more professional, then you should consider an enterprise option.

To https or not to https

The management of https and SSL certs within the captive portal environment needs to be carefully considered. The captive network assistant further complicates this relationship and requires that the setup is correct to avoid clients receiving security messages when trying to join the WiFi network. The UniFi controller facilitates the management of SSL by providing several options. Ubiquiti have provided lots of documentation on these functions and the ubnt community is a great place to get answers to any questions you might have.

UniFi Captive Portal and the Captive Network Assistant

These are all important considerations when you are hoping to capture guest data on UniFi. You will need to have all your settings correct on your external portal server if you hope to use the UniFi guest portal. Another option is to let your gateway device handle the captive portal integration, but if you want to make the best use of your UniFi platform then the external portal server option is the best. The effort required to get it set up properly or the price you might pay for a professional option will be worth it.